
Commit 987ae51

committed
Add Redis TLS settings for Rails
Changelog: added Signed-off-by: Balasankar "Balu" C <[email protected]>
1 parent 66660c1 commit 987ae51


5 files changed

+182
-5
lines changed


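--- a/files/gitlab-config-template/gitlab.rb.template
+++ b/files/gitlab-config-template/gitlab.rb.template
@@ -776,6 +776,10 @@ external_url 'GENERATED_EXTERNAL_URL'
 # gitlab_rails['redis_password'] = nil
 # gitlab_rails['redis_database'] = 0
 # gitlab_rails['redis_enable_client'] = true
+# gitlab_rails['redis_tls_ca_cert_dir'] = '/opt/gitlab/embedded/ssl/certs/'
+# gitlab_rails['redis_tls_ca_cert_file'] = '/opt/gitlab/embedded/ssl/certs/cacert.pem'
+# gitlab_rails['redis_tls_client_cert_file'] = nil
+# gitlab_rails['redis_tls_client_key_file'] = nil
 
 #### Redis local UNIX socket (will be disabled if TCP method is used)
 # gitlab_rails['redis_socket'] = "/var/opt/gitlab/redis/redis.socket"
@@ -810,60 +814,100 @@ external_url 'GENERATED_EXTERNAL_URL'
 # gitlab_rails['redis_cache_username'] = nil
 # gitlab_rails['redis_cache_password'] = nil
 # gitlab_rails['redis_cache_cluster_nodes'] = nil
+# gitlab_rails['redis_cache_tls_ca_cert_dir'] = '/opt/gitlab/embedded/ssl/certs/'
+# gitlab_rails['redis_cache_tls_ca_cert_file'] = '/opt/gitlab/embedded/ssl/certs/cacert.pem'
+# gitlab_rails['redis_cache_tls_client_cert_file'] = nil
+# gitlab_rails['redis_cache_tls_client_key_file'] = nil
 # gitlab_rails['redis_queues_instance'] = nil
 # gitlab_rails['redis_queues_sentinels'] = nil
 # gitlab_rails['redis_queues_sentinels_password'] = nil
 # gitlab_rails['redis_queues_username'] = nil
 # gitlab_rails['redis_queues_password'] = nil
 # gitlab_rails['redis_queues_cluster_nodes'] = nil
+# gitlab_rails['redis_queues_tls_ca_cert_dir'] = '/opt/gitlab/embedded/ssl/certs/'
+# gitlab_rails['redis_queues_tls_ca_cert_file'] = '/opt/gitlab/embedded/ssl/certs/cacert.pem'
+# gitlab_rails['redis_queues_tls_client_cert_file'] = nil
+# gitlab_rails['redis_queues_tls_client_key_file'] = nil
 # gitlab_rails['redis_shared_state_instance'] = nil
 # gitlab_rails['redis_shared_state_sentinels'] = nil
 # gitlab_rails['redis_shared_state_sentinels_password'] = nil
 # gitlab_rails['redis_shared_state_username'] = nil
 # gitlab_rails['redis_shared_state_password'] = nil
 # gitlab_rails['redis_shared_state_cluster_nodes'] = nil
+# gitlab_rails['redis_shared_state_tls_ca_cert_dir'] = '/opt/gitlab/embedded/ssl/certs/'
+# gitlab_rails['redis_shared_state_tls_ca_cert_file'] = '/opt/gitlab/embedded/ssl/certs/cacert.pem'
+# gitlab_rails['redis_shared_state_tls_client_cert_file'] = nil
+# gitlab_rails['redis_shared_state_tls_client_key_file'] = nil
 # gitlab_rails['redis_trace_chunks_instance'] = nil
 # gitlab_rails['redis_trace_chunks_sentinels'] = nil
 # gitlab_rails['redis_trace_chunks_sentinels_password'] = nil
 # gitlab_rails['redis_trace_chunks_username'] = nil
 # gitlab_rails['redis_trace_chunks_password'] = nil
 # gitlab_rails['redis_trace_chunks_cluster_nodes'] = nil
+# gitlab_rails['redis_trace_chunks_tls_ca_cert_dir'] = '/opt/gitlab/embedded/ssl/certs/'
+# gitlab_rails['redis_trace_chunks_tls_ca_cert_file'] = '/opt/gitlab/embedded/ssl/certs/cacert.pem'
+# gitlab_rails['redis_trace_chunks_tls_client_cert_file'] = nil
+# gitlab_rails['redis_trace_chunks_tls_client_key_file'] = nil
 # gitlab_rails['redis_actioncable_instance'] = nil
 # gitlab_rails['redis_actioncable_sentinels'] = nil
 # gitlab_rails['redis_actioncable_sentinels_password'] = nil
 # gitlab_rails['redis_actioncable_username'] = nil
 # gitlab_rails['redis_actioncable_password'] = nil
 # gitlab_rails['redis_actioncable_cluster_nodes'] = nil
+# gitlab_rails['redis_actioncable_tls_ca_cert_dir'] = '/opt/gitlab/embedded/ssl/certs/'
+# gitlab_rails['redis_actioncable_tls_ca_cert_file'] = '/opt/gitlab/embedded/ssl/certs/cacert.pem'
+# gitlab_rails['redis_actioncable_tls_client_cert_file'] = nil
+# gitlab_rails['redis_actioncable_tls_client_key_file'] = nil
 # gitlab_rails['redis_rate_limiting_instance'] = nil
 # gitlab_rails['redis_rate_limiting_sentinels'] = nil
 # gitlab_rails['redis_rate_limiting_sentinels_password'] = nil
 # gitlab_rails['redis_rate_limiting_username'] = nil
 # gitlab_rails['redis_rate_limiting_password'] = nil
 # gitlab_rails['redis_rate_limiting_cluster_nodes'] = nil
+# gitlab_rails['redis_rate_limiting_tls_ca_cert_dir'] = '/opt/gitlab/embedded/ssl/certs/'
+# gitlab_rails['redis_rate_limiting_tls_ca_cert_file'] = '/opt/gitlab/embedded/ssl/certs/cacert.pem'
+# gitlab_rails['redis_rate_limiting_tls_client_cert_file'] = nil
+# gitlab_rails['redis_rate_limiting_tls_client_key_file'] = nil
 # gitlab_rails['redis_sessions_instance'] = nil
 # gitlab_rails['redis_sessions_sentinels'] = nil
 # gitlab_rails['redis_sessions_sentinels_password'] = nil
 # gitlab_rails['redis_sessions_username'] = nil
 # gitlab_rails['redis_sessions_password'] = nil
 # gitlab_rails['redis_sessions_cluster_nodes'] = nil
+# gitlab_rails['redis_sessions_tls_ca_cert_dir'] = '/opt/gitlab/embedded/ssl/certs/'
+# gitlab_rails['redis_sessions_tls_ca_cert_file'] = '/opt/gitlab/embedded/ssl/certs/cacert.pem'
+# gitlab_rails['redis_sessions_tls_client_cert_file'] = nil
+# gitlab_rails['redis_sessions_tls_client_key_file'] = nil
 # gitlab_rails['redis_cluster_rate_limiting_instance'] = nil
 # gitlab_rails['redis_cluster_rate_limiting_sentinels'] = nil
 # gitlab_rails['redis_cluster_rate_limiting_sentinels_password'] = nil
 # gitlab_rails['redis_cluster_rate_limiting_username'] = nil
 # gitlab_rails['redis_cluster_rate_limiting_password'] = nil
 # gitlab_rails['redis_cluster_rate_limiting_cluster_nodes'] = nil
+# gitlab_rails['redis_cluster_rate_limiting_tls_ca_cert_dir'] = '/opt/gitlab/embedded/ssl/certs/'
+# gitlab_rails['redis_cluster_rate_limiting_tls_ca_cert_file'] = '/opt/gitlab/embedded/ssl/certs/cacert.pem'
+# gitlab_rails['redis_cluster_rate_limiting_tls_client_cert_file'] = nil
+# gitlab_rails['redis_cluster_rate_limiting_tls_client_key_file'] = nil
 # gitlab_rails['redis_repository_cache_instance'] = nil
 # gitlab_rails['redis_repository_cache_sentinels'] = nil
 # gitlab_rails['redis_repository_cache_sentinels_password'] = nil
 # gitlab_rails['redis_repository_cache_username'] = nil
 # gitlab_rails['redis_repository_cache_password'] = nil
 # gitlab_rails['redis_repository_cache_cluster_nodes'] = nil
+# gitlab_rails['redis_repository_cache_tls_ca_cert_dir'] = '/opt/gitlab/embedded/ssl/certs/'
+# gitlab_rails['redis_repository_cache_tls_ca_cert_file'] = '/opt/gitlab/embedded/ssl/certs/cacert.pem'
+# gitlab_rails['redis_repository_cache_tls_client_cert_file'] = nil
+# gitlab_rails['redis_repository_cache_tls_client_key_file'] = nil
 # gitlab_rails['redis_workhorse_instance'] = nil
 # gitlab_rails['redis_workhorse_sentinels'] = nil
 # gitlab_rails['redis_workhorse_sentinels_password'] = nil
 # gitlab_rails['redis_workhorse_username'] = nil
 # gitlab_rails['redis_workhorse_password'] = nil
 # gitlab_rails['redis_workhorse_cluster_nodes'] = nil
+# gitlab_rails['redis_workhorse_tls_ca_cert_dir'] = '/opt/gitlab/embedded/ssl/certs/'
+# gitlab_rails['redis_workhorse_tls_ca_cert_file'] = '/opt/gitlab/embedded/ssl/certs/cacert.pem'
+# gitlab_rails['redis_workhorse_tls_client_cert_file'] = nil
+# gitlab_rails['redis_workhorse_tls_client_key_file'] = nil
 
 # gitlab_rails['redis_workhorse_sentinel_master'] = nil
 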
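Review bot: The per-instance blocks document the four `redis_<instance>_tls_*` keys but no `redis_<instance>_ssl` toggle, although attributes/default.rb in this same commit adds `redis_cache_ssl`, `redis_queues_ssl` and the rest with a default of `false`. An administrator who fills in CA and client-certificate paths from this template gets no hint that a separate per-instance switch exists; how that switch interacts with the instance URL is not visible on this page, so the effect on the connection is unclear. I would add `# gitlab_rails['redis_cache_ssl'] = false` (and the equivalent for every other instance) above each TLS group. A one-line comment that `tls_client_cert_file` and `tls_client_key_file` have to be set as a pair would also help.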

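--- a/files/gitlab-cookbooks/gitlab/attributes/default.rb
+++ b/files/gitlab-cookbooks/gitlab/attributes/default.rb
@@ -438,6 +438,10 @@
 default['gitlab']['gitlab_rails']['redis_host'] = "127.0.0.1"
 default['gitlab']['gitlab_rails']['redis_port'] = nil
 default['gitlab']['gitlab_rails']['redis_ssl'] = false
+default['gitlab']['gitlab_rails']['redis_tls_ca_cert_dir'] = "#{node['package']['install-dir']}/embedded/ssl/certs/"
+default['gitlab']['gitlab_rails']['redis_tls_ca_cert_file'] = "#{node['package']['install-dir']}/embedded/ssl/certs/cacert.pem"
+default['gitlab']['gitlab_rails']['redis_tls_client_cert_file'] = nil
+default['gitlab']['gitlab_rails']['redis_tls_client_key_file'] = nil
 default['gitlab']['gitlab_rails']['redis_password'] = nil
 default['gitlab']['gitlab_rails']['redis_socket'] = "/var/opt/gitlab/redis/redis.socket"
 default['gitlab']['gitlab_rails']['redis_enable_client'] = true
@@ -449,60 +453,110 @@
 default['gitlab']['gitlab_rails']['redis_cache_username'] = nil
 default['gitlab']['gitlab_rails']['redis_cache_password'] = nil
 default['gitlab']['gitlab_rails']['redis_cache_cluster_nodes'] = []
+default['gitlab']['gitlab_rails']['redis_cache_ssl'] = false
+default['gitlab']['gitlab_rails']['redis_cache_tls_ca_cert_dir'] = default['gitlab']['gitlab_rails']['redis_tls_ca_cert_dir'].dup
+default['gitlab']['gitlab_rails']['redis_cache_tls_ca_cert_file'] = default['gitlab']['gitlab_rails']['redis_tls_ca_cert_file'].dup
+default['gitlab']['gitlab_rails']['redis_cache_tls_client_cert_file'] = nil
+default['gitlab']['gitlab_rails']['redis_cache_tls_client_key_file'] = nil
 default['gitlab']['gitlab_rails']['redis_queues_instance'] = nil
 default['gitlab']['gitlab_rails']['redis_queues_username'] = nil
 default['gitlab']['gitlab_rails']['redis_queues_password'] = nil
 default['gitlab']['gitlab_rails']['redis_queues_sentinels'] = []
 default['gitlab']['gitlab_rails']['redis_queues_sentinels_password'] = nil
 default['gitlab']['gitlab_rails']['redis_queues_cluster_nodes'] = []
+default['gitlab']['gitlab_rails']['redis_queues_ssl'] = false
+default['gitlab']['gitlab_rails']['redis_queues_tls_ca_cert_dir'] = default['gitlab']['gitlab_rails']['redis_tls_ca_cert_dir'].dup
+default['gitlab']['gitlab_rails']['redis_queues_tls_ca_cert_file'] = default['gitlab']['gitlab_rails']['redis_tls_ca_cert_file'].dup
+default['gitlab']['gitlab_rails']['redis_queues_tls_client_cert_file'] = nil
+default['gitlab']['gitlab_rails']['redis_queues_tls_client_key_file'] = nil
 default['gitlab']['gitlab_rails']['redis_shared_state_instance'] = nil
 default['gitlab']['gitlab_rails']['redis_shared_state_sentinels'] = []
 default['gitlab']['gitlab_rails']['redis_shared_state_sentinels_password'] = nil
 default['gitlab']['gitlab_rails']['redis_shared_state_username'] = nil
 default['gitlab']['gitlab_rails']['redis_shared_state_password'] = nil
 default['gitlab']['gitlab_rails']['redis_shared_state_cluster_nodes'] = []
+default['gitlab']['gitlab_rails']['redis_shared_state_ssl'] = false
+default['gitlab']['gitlab_rails']['redis_shared_state_tls_ca_cert_dir'] = default['gitlab']['gitlab_rails']['redis_tls_ca_cert_dir'].dup
+default['gitlab']['gitlab_rails']['redis_shared_state_tls_ca_cert_file'] = default['gitlab']['gitlab_rails']['redis_tls_ca_cert_file'].dup
+default['gitlab']['gitlab_rails']['redis_shared_state_tls_client_cert_file'] = nil
+default['gitlab']['gitlab_rails']['redis_shared_state_tls_client_key_file'] = nil
 default['gitlab']['gitlab_rails']['redis_trace_chunks_instance'] = nil
 default['gitlab']['gitlab_rails']['redis_trace_chunks_sentinels'] = []
 default['gitlab']['gitlab_rails']['redis_trace_chunks_sentinels_password'] = nil
 default['gitlab']['gitlab_rails']['redis_trace_chunks_username'] = nil
 default['gitlab']['gitlab_rails']['redis_trace_chunks_password'] = nil
 default['gitlab']['gitlab_rails']['redis_trace_chunks_cluster_nodes'] = []
+default['gitlab']['gitlab_rails']['redis_trace_chunks_ssl'] = false
+default['gitlab']['gitlab_rails']['redis_trace_chunks_tls_ca_cert_dir'] = default['gitlab']['gitlab_rails']['redis_tls_ca_cert_dir'].dup
+default['gitlab']['gitlab_rails']['redis_trace_chunks_tls_ca_cert_file'] = default['gitlab']['gitlab_rails']['redis_tls_ca_cert_file'].dup
+default['gitlab']['gitlab_rails']['redis_trace_chunks_tls_client_cert_file'] = nil
+default['gitlab']['gitlab_rails']['redis_trace_chunks_tls_client_key_file'] = nil
 default['gitlab']['gitlab_rails']['redis_actioncable_instance'] = nil
 default['gitlab']['gitlab_rails']['redis_actioncable_sentinels'] = []
 default['gitlab']['gitlab_rails']['redis_actioncable_sentinels_password'] = nil
 default['gitlab']['gitlab_rails']['redis_actioncable_username'] = nil
 default['gitlab']['gitlab_rails']['redis_actioncable_password'] = nil
 default['gitlab']['gitlab_rails']['redis_actioncable_cluster_nodes'] = []
+default['gitlab']['gitlab_rails']['redis_actioncable_ssl'] = false
+default['gitlab']['gitlab_rails']['redis_actioncable_tls_ca_cert_dir'] = default['gitlab']['gitlab_rails']['redis_tls_ca_cert_dir'].dup
+default['gitlab']['gitlab_rails']['redis_actioncable_tls_ca_cert_file'] = default['gitlab']['gitlab_rails']['redis_tls_ca_cert_file'].dup
+default['gitlab']['gitlab_rails']['redis_actioncable_tls_client_cert_file'] = nil
+default['gitlab']['gitlab_rails']['redis_actioncable_tls_client_key_file'] = nil
 default['gitlab']['gitlab_rails']['redis_rate_limiting_instance'] = nil
 default['gitlab']['gitlab_rails']['redis_rate_limiting_sentinels'] = []
 default['gitlab']['gitlab_rails']['redis_rate_limiting_sentinels_password'] = nil
 default['gitlab']['gitlab_rails']['redis_rate_limiting_username'] = nil
 default['gitlab']['gitlab_rails']['redis_rate_limiting_password'] = nil
 default['gitlab']['gitlab_rails']['redis_rate_limiting_cluster_nodes'] = []
+default['gitlab']['gitlab_rails']['redis_rate_limiting_ssl'] = false
+default['gitlab']['gitlab_rails']['redis_rate_limiting_tls_ca_cert_dir'] = default['gitlab']['gitlab_rails']['redis_tls_ca_cert_dir'].dup
+default['gitlab']['gitlab_rails']['redis_rate_limiting_tls_ca_cert_file'] = default['gitlab']['gitlab_rails']['redis_tls_ca_cert_file'].dup
+default['gitlab']['gitlab_rails']['redis_rate_limiting_tls_client_cert_file'] = nil
+default['gitlab']['gitlab_rails']['redis_rate_limiting_tls_client_key_file'] = nil
 default['gitlab']['gitlab_rails']['redis_sessions_instance'] = nil
 default['gitlab']['gitlab_rails']['redis_sessions_sentinels'] = []
 default['gitlab']['gitlab_rails']['redis_sessions_sentinels_password'] = nil
 default['gitlab']['gitlab_rails']['redis_sessions_username'] = nil
 default['gitlab']['gitlab_rails']['redis_sessions_password'] = nil
 default['gitlab']['gitlab_rails']['redis_sessions_cluster_nodes'] = []
+default['gitlab']['gitlab_rails']['redis_sessions_ssl'] = false
+default['gitlab']['gitlab_rails']['redis_sessions_tls_ca_cert_dir'] = default['gitlab']['gitlab_rails']['redis_tls_ca_cert_dir'].dup
+default['gitlab']['gitlab_rails']['redis_sessions_tls_ca_cert_file'] = default['gitlab']['gitlab_rails']['redis_tls_ca_cert_file'].dup
+default['gitlab']['gitlab_rails']['redis_sessions_tls_client_cert_file'] = nil
+default['gitlab']['gitlab_rails']['redis_sessions_tls_client_key_file'] = nil
 default['gitlab']['gitlab_rails']['redis_repository_cache_instance'] = nil
 default['gitlab']['gitlab_rails']['redis_repository_cache_sentinels'] = []
 default['gitlab']['gitlab_rails']['redis_repository_cache_sentinels_password'] = nil
 default['gitlab']['gitlab_rails']['redis_repository_cache_username'] = nil
 default['gitlab']['gitlab_rails']['redis_repository_cache_password'] = nil
 default['gitlab']['gitlab_rails']['redis_repository_cache_cluster_nodes'] = []
+default['gitlab']['gitlab_rails']['redis_repository_cache_ssl'] = false
+default['gitlab']['gitlab_rails']['redis_repository_cache_tls_ca_cert_dir'] = default['gitlab']['gitlab_rails']['redis_tls_ca_cert_dir'].dup
+default['gitlab']['gitlab_rails']['redis_repository_cache_tls_ca_cert_file'] = default['gitlab']['gitlab_rails']['redis_tls_ca_cert_file'].dup
+default['gitlab']['gitlab_rails']['redis_repository_cache_tls_client_cert_file'] = nil
+default['gitlab']['gitlab_rails']['redis_repository_cache_tls_client_key_file'] = nil
 default['gitlab']['gitlab_rails']['redis_cluster_rate_limiting_instance'] = nil
 default['gitlab']['gitlab_rails']['redis_cluster_rate_limiting_sentinels'] = []
 default['gitlab']['gitlab_rails']['redis_cluster_rate_limiting_sentinels_password'] = nil
 default['gitlab']['gitlab_rails']['redis_cluster_rate_limiting_username'] = nil
 default['gitlab']['gitlab_rails']['redis_cluster_rate_limiting_password'] = nil
 default['gitlab']['gitlab_rails']['redis_cluster_rate_limiting_cluster_nodes'] = []
+default['gitlab']['gitlab_rails']['redis_cluster_rate_limiting_ssl'] = false
+default['gitlab']['gitlab_rails']['redis_cluster_rate_limiting_tls_ca_cert_dir'] = default['gitlab']['gitlab_rails']['redis_tls_ca_cert_dir'].dup
+default['gitlab']['gitlab_rails']['redis_cluster_rate_limiting_tls_ca_cert_file'] = default['gitlab']['gitlab_rails']['redis_tls_ca_cert_file'].dup
+default['gitlab']['gitlab_rails']['redis_cluster_rate_limiting_tls_client_cert_file'] = nil
+default['gitlab']['gitlab_rails']['redis_cluster_rate_limiting_tls_client_key_file'] = nil
 default['gitlab']['gitlab_rails']['redis_workhorse_instance'] = nil
 default['gitlab']['gitlab_rails']['redis_workhorse_sentinels'] = []
 default['gitlab']['gitlab_rails']['redis_workhorse_sentinels_password'] = nil
 default['gitlab']['gitlab_rails']['redis_workhorse_username'] = nil
 default['gitlab']['gitlab_rails']['redis_workhorse_password'] = nil
 default['gitlab']['gitlab_rails']['redis_workhorse_cluster_nodes'] = []
+default['gitlab']['gitlab_rails']['redis_workhorse_ssl'] = false
+default['gitlab']['gitlab_rails']['redis_workhorse_tls_ca_cert_dir'] = default['gitlab']['gitlab_rails']['redis_tls_ca_cert_dir'].dup
+default['gitlab']['gitlab_rails']['redis_workhorse_tls_ca_cert_file'] = default['gitlab']['gitlab_rails']['redis_tls_ca_cert_file'].dup
+default['gitlab']['gitlab_rails']['redis_workhorse_tls_client_cert_file'] = nil
+default['gitlab']['gitlab_rails']['redis_workhorse_tls_client_key_file'] = nil
 
 # used by workhorse to connect to a separate external redis instead of the omnibus-gitlab redis
 default['gitlab']['gitlab_rails']['redis_workhorse_sentinel_master'] = nil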
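Review bot: The per-instance CA defaults are snapshots taken while this attributes file is evaluated, e.g. `default[...]['redis_cache_tls_ca_cert_file'] = default[...]['redis_tls_ca_cert_file'].dup` at new line 458 and the parallel lines for the other nine instances. If gitlab.rb values are merged after attribute load, as is usual for derived Chef attributes (not confirmable from this page), pointing `gitlab_rails['redis_tls_ca_cert_file']` at a private CA will not reach the per-instance keys, which keep trusting the bundled `cacert.pem`. Likewise each `redis_<instance>_ssl` stays `false` whatever `redis_ssl` is set to. I would default the per-instance values to `nil` and resolve the fallback where they are read, `ca_cert_file = node['gitlab']['gitlab_rails']["redis_#{instance}_tls_ca_cert_file"] || node['gitlab']['gitlab_rails']['redis_tls_ca_cert_file']`. Failing that, a comment above this block should state that every instance must be configured on its own.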

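--- a/files/gitlab-cookbooks/gitlab/recipes/gitlab-rails.rb
+++ b/files/gitlab-cookbooks/gitlab/recipes/gitlab-rails.rb
@@ -200,6 +200,11 @@
 redis_sentinels = node['gitlab']['gitlab_rails']['redis_sentinels']
 redis_sentinels_password = node['gitlab']['gitlab_rails']['redis_sentinels_password']
 redis_enable_client = node['gitlab']['gitlab_rails']['redis_enable_client']
+redis_ssl = node['gitlab']['gitlab_rails']['redis_ssl']
+redis_tls_ca_cert_dir = node['gitlab']['gitlab_rails']['redis_tls_ca_cert_dir']
+redis_tls_ca_cert_file = node['gitlab']['gitlab_rails']['redis_tls_ca_cert_file']
+redis_tls_client_cert_file = node['gitlab']['gitlab_rails']['redis_tls_client_cert_file']
+redis_tls_client_key_file = node['gitlab']['gitlab_rails']['redis_tls_client_key_file']
 
 templatesymlink "Create a secrets.yml and create a symlink to Rails root" do
 link_from File.join(gitlab_rails_source_dir, "config/secrets.yml")
@@ -227,7 +232,17 @@
 owner "root"
 group "root"
 mode "0644"
-variables(redis_url: redis_url, redis_sentinels: redis_sentinels, redis_sentinels_password: redis_sentinels_password, redis_enable_client: redis_enable_client)
+variables(
+redis_url: redis_url,
+redis_sentinels: redis_sentinels,
+redis_sentinels_password: redis_sentinels_password,
+redis_enable_client: redis_enable_client,
+redis_ssl: redis_ssl,
+redis_tls_ca_cert_dir: redis_tls_ca_cert_dir,
+redis_tls_ca_cert_file: redis_tls_ca_cert_file,
+redis_tls_client_cert_file: redis_tls_client_cert_file,
+redis_tls_client_key_file: redis_tls_client_key_file
+)
 dependent_services.each { |svc| notifies :restart, svc }
 sensitive true
 end
@@ -273,6 +288,11 @@
 clusters = node['gitlab']['gitlab_rails']["redis_#{instance}_cluster_nodes"]
 username = node['gitlab']['gitlab_rails']["redis_#{instance}_username"]
 password = node['gitlab']['gitlab_rails']["redis_#{instance}_password"]
+redis_ssl = node['gitlab']['gitlab_rails']["redis_#{instance}_ssl"]
+ca_cert_dir = node['gitlab']['gitlab_rails']["redis_#{instance}_tls_ca_cert_dir"]
+ca_cert_file = node['gitlab']['gitlab_rails']["redis_#{instance}_tls_ca_cert_file"]
+certificate_file = node['gitlab']['gitlab_rails']["redis_#{instance}_tls_client_cert_file"]
+key_file = node['gitlab']['gitlab_rails']["redis_#{instance}_tls_client_key_file"]
 from_filename = File.join(gitlab_rails_source_dir, "config/#{filename}")
 to_filename = File.join(gitlab_rails_etc_dir, filename)
 
@@ -292,7 +312,12 @@
 redis_enable_client: redis_enable_client,
 cluster_nodes: clusters,
 cluster_username: username,
-cluster_password: password
+cluster_password: password,
+redis_ssl: redis_ssl,
+redis_tls_ca_cert_dir: ca_cert_dir,
+redis_tls_ca_cert_file: ca_cert_file,
+redis_tls_client_cert_file: certificate_file,
+redis_tls_client_key_file: key_file
 )
 dependent_services.each { |svc| notifies :restart, svc }
 action :delete if url.nil? && clusters.empty?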
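Review bot: `redis_ssl = node['gitlab']['gitlab_rails']["redis_#{instance}_ssl"]` at new line 291 reuses the name of the local assigned at line 203, while its four siblings get distinct names (`ca_cert_dir`, `ca_cert_file`, `certificate_file`, `key_file`). The enclosing loop starts outside the hunk, but it already reads the outer `redis_enable_client`, so it appears to share scope with the top-level locals. If so, the assignment overwrites the main instance's `redis_ssl` with the last per-instance value for anything that reads it afterwards. I would rename it, `instance_ssl = node['gitlab']['gitlab_rails']["redis_#{instance}_ssl"]`, and pass `redis_ssl: instance_ssl`. Separately, nothing visible checks that the client certificate and key paths are both set or both nil, so a half-configured client identity would be rendered into the config; a guard or a comment stating the pairing would help.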
